What’s At Stake If Your Business Is Hit With a DDoS Attack

Distributed Denial of Service (DDoS) attacks are a fact of life in the modern business landscape. Any company with an online presence is, unfortunately, vulnerable to DDoS attacks; not even the smallest organizations are immune.

While the cost of dealing with DDoS attacks is high, the negative impacts of a DDoS attack go well beyond financial losses. Taking steps toward DDoS attack prevention helps to avoid a significant impact and is one of the best strategies you can adopt before you have to deal with the fallout should an attack occur.

What is a DDoS Attack?

A DDoS attack is a type of cyberattack designed to prevent legitimate access to a website or application. As its name implies, cybercriminals performing a DDoS attack use multiple devices distributed over the internet to mount the attack. DDoS attacks are carried out for various reasons, including financial gain, deflection, industrial espionage, ideological or political motives, and state-sponsored campaigns.

With a DDoS attack, cybercriminals aim to overwhelm the attacked service with so many requests and network traffic volumes that the servers hosting the targeted website or application cannot respond — to the point that they become inoperable. DDoS attacks can take a website or application offline for hours or even days.  

How does a DDoS attack work?

DDoS attack is a catch-all term covering multiple attack methods that can occur at various layers of the network stack. Modern DDoS attacks will often use a combination of techniques within the application, network, and transport layers.

Our blog published in September covers the nitty-gritty of how a DDoS attack works, along with the history of DDoS attacks, DDoS attack mitigation and remediation techniques. You can read that blog here. Some of the highlights of that blog, pulled from surveys and reports, are quite striking and bear repeating:  

  • More than 5.4 million known DDoS attacks occurred in the first half of 2021 
  • The average size of a DDoS attack was 150 Mbps  
  • DDoS attacks designed to extract a ransom increased 29% YoY in 2021 

Mounting a DDoS attack has become commoditized: DDoS kits are available that allow individuals without technical skills to target organizations. As a result, the threat is rising, with more DDoS attacks occurring every day.

DDoS Attacks in the News

General statistics and trends about DDoS attacks are important and required to demonstrate the need for DDoS protection and mitigation measures. But taking it a step further, calling attention to newsworthy DDoS attacks and their impacts helps to drive the point home. Here are a few significant DDoS attacks that have made headlines in recent years:

  • The Library of Congress (2022) — The Library of Congress was a symbolic target when its website fell victim to a DDoS attack on July 7, 2022. Public access to the website was disrupted for two hours. KillNet, a pro-Russian cybercrime group that launched a series of DDoS attacks on targets worldwide, was identified as the group behind the attack.
  • Amazon Web Services (2020) — Many of the services we rely on for business and entertainment rely on AWS cloud services, positioning the platform as a significant target for cybercriminal activity. AWS experienced the largest DDoS attack on record at the time it occurred in 2020. The DDoS attack peaked at 2.3 TB of traffic per second, and the attack lasted for three days.  
  • GitHub (2018) — GitHub is the de facto standard repository for developers to store, share, and version control code. But in 2018, prior to Microsoft acquiring GitHub, it was the victim of a DDoS attack that took the website offline for 5 minutes. The attack exploited a bug in the website caching system, which allowed the traffic directed at GitHub from compromised devices on the web to be amplified by a factor of 51,000. Though the traffic spikes were large and overwhelming, downtime was limited because of the DDoS protection services GitHub already had in place.

What could you lose from a DDoS attack?

DDoS attacks cause disruption and downtime for online services, and the downtime incurred has multiple financial implications. Firstly, when the system is disrupted, users cannot do their jobs and productivity stalls. If the attacked site or application provides client services, there could be both financial and reputational damage due to downtime.

If the service is a sales channel, the implication is even worse because sales transactions cannot be completed. Research shows that 50% of customers will abandon a shopping cart if it takes six seconds or more to load — and the reputational damage could be even greater.  

Increasingly, DDoS attacks are being used as cover to hide other attack methods that aim to deploy malware. In many cases this is ransomware, which also carries significant financial impact for the attacked organization. Ransom demands also occur while DDoS attacks are in progress.

The cost of downtime associated with a DDoS attack will be unique to each organization. But most published estimates from industry surveys put the losses associated with downtime for a small- to mid-sized business in the range of $20,000-40,000 per hour.  

Aside from the financial damage associated with a DDoS attack, the reputational damage when systems are down, and again when the public learns of the attack (which they will), can be damning. In all, the best way to mitigate the risk of financial loss from a DDoS attack is to deploy DDoS attack prevention solutions.

What can you do to prevent a DDoS attack in 2022?

Primary defense against DDoS attacks could come from network providers or dedicated DDoS protection services. Cloud platforms like AWS and Microsoft Azure also provide DDoS protection. But strategically placed load balancers can be used as part of a broader solution to lessen the impacts of DDoS attacks.  

IT teams can use a load balancer to eliminate single points of failure and reroute traffic if a service should fall victim to a DDoS attack. This includes regional routing of traffic using global server load balancing, or GSLB. Load balancers also add resiliency by rerouting live traffic from one server to another if a server should fall to a DDoS attack or otherwise become unavailable. Not only that, but load balancers also reduce the attack surface visible to attackers, making it more difficult to overwhelm applications and saturate network links.  

3 ways LoadMaster load balancers help mitigate DDoS attacks

  1. LoadMaster can require that all connection requests to a server must pass a CAPTCHA prompt. You can enforce this for all connections, including unauthenticated requests. Using CAPTCHA prevents an attacker from directly overwhelming your application or web server with requests, as they will be intercepted at the LoadMaster and dropped when the CAPTCHA fails.  
  2. IP reputation information can be used by the LoadMaster when evaluating connection requests. Many sources of IP address reputation data are available from security providers, and LoadMaster can use this data and reject any connection requests from sites known to be used by bad actors or IP addresses used in other DDoS attacks.
  3. Restricting the number of connections allowed and what they are allowed to do can also be implemented for connections via the LoadMaster. This is known as rate-limiting or quality of service (QoS). Rate-limiting works on inbound activity and can protect against DDoS attacks and other volumetric attacks such as brute-force password-guessing. Enabling this helps prevent attackers from swamping the application servers protected via LoadMaster load balancers.  
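
As an added illustration (not LoadMaster code or configuration, and not part of the original article), the sketch below models items 2 and 3 as a front-end decision: a reputation denylist is checked first, then a per-source token bucket enforces the rate limit. The class names, the rate of 2 requests per second, the burst of 5, and the sample addresses and traffic are all assumptions constructed for the example.

```python
import ipaddress
from collections import Counter, defaultdict

REPUTATION_DENYLIST = [ipaddress.ip_network("203.0.113.0/24")]  # constructed; RFC 5737 range

class TokenBucket:
    """Per-source bucket; integer ms and milli-tokens keep the arithmetic exact."""
    def __init__(self, rate_per_s, burst, now_ms):
        self.rate, self.cap = rate_per_s, burst * 1000
        self.tokens, self.last = self.cap, now_ms

    def allow(self, now_ms):
        # rate tokens/s == rate milli-tokens/ms; cap the refill at the burst size.
        self.tokens = min(self.cap, self.tokens + (now_ms - self.last) * self.rate)
        self.last = now_ms
        if self.tokens >= 1000:
            self.tokens -= 1000
            return True
        return False

class FrontEndFilter:
    """Hypothetical load-balancer policy: reputation check, then rate limit."""
    def __init__(self, denylist, rate_per_s=2, burst=5):
        self.denylist, self.rate, self.burst = denylist, rate_per_s, burst
        self.buckets = {}

    def decide(self, src_ip, now_ms):
        addr = ipaddress.ip_address(src_ip)
        if any(addr in net for net in self.denylist):
            return "reject:reputation"  # dropped before any per-source state is kept
        bucket = self.buckets.setdefault(src_ip, TokenBucket(self.rate, self.burst, now_ms))
        return "accept" if bucket.allow(now_ms) else "reject:rate-limit"

def replay(events, filt):
    """Tally decisions per source for (timestamp_ms, src_ip) events."""
    tally = defaultdict(Counter)
    for ts, ip in sorted(events):
        tally[ip][filt.decide(ip, ts)] += 1
    return {ip: dict(counts) for ip, counts in tally.items()}

# Constructed traffic: a normal client, a flooding client, and a listed source.
SAMPLE_EVENTS = (
    [(t * 1000, "198.51.100.10") for t in range(5)]      # 1 request/s for 5 s
    + [(t * 10, "198.51.100.77") for t in range(200)]    # 100 requests/s for 2 s
    + [(500, "203.0.113.9")]
)

if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS, FrontEndFilter(REPUTATION_DENYLIST)))
```

The normal client is never throttled, while the flooding source gets its initial burst and then only the sustained rate; everything else it sends is dropped before reaching the application servers.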

LoadMaster is an essential part of DDoS protection

LoadMaster is the premier choice for businesses requiring load balancing. Your business success and reputation rest heavily on your ability to deliver fast, highly available and secure information — and LoadMaster helps you achieve high-performance application delivery.  

Learn more about how LoadMaster can help you achieve greater layered application security and mitigate DDoS attacks.  

Talk with a Progress technical expert about protecting your organization from a DDoS attack and get guided steps to protect your organization and its reputation from a DDoS attack.

Doug Barney

Doug Barney was the founding editor of Redmond Magazine, Redmond Channel Partner, Redmond Developer News and Virtualization Review. Doug has also served as Executive Editor of Network World, Editor in Chief of AmigaWorld and Editor in Chief of Network Computing.